3499: Improve Python SDK's ability to read apiserver's config files.

Use a hardcoded secret in the default "test" configuration, rather
than generating a random string with erb. Otherwise, the Python test
suite can't figure out what blob signing key the test server actually
ends up using.

diff --git a/sdk/python/tests/test_arv_put.py b/sdk/python/tests/test_arv_put.py
index 59d3a8e70ccb30988402e4c75c17d92484ec58c6..c9c63e9963eb4038b0c0514af552683258b61118 100644 (file)
--- a/sdk/python/tests/test_arv_put.py
+++ b/sdk/python/tests/test_arv_put.py
@@ -466,18 +466,24 @@ class ArvPutIntegrationTest(unittest.TestCase):
 
         # Use the blob_signing_key from the Rails "test" configuration
         # to provision the Keep server.
-        with open(os.path.join(os.path.dirname(__file__),
-                               run_test_server.ARV_API_SERVER_DIR,
-                               "config",
-                               "application.yml")) as f:
-            rails_config = yaml.load(f.read())
-        try:
-            config_blob_signing_key = rails_config["test"]["blob_signing_key"]
-        except KeyError:
-            config_blob_signing_key = rails_config["common"]["blob_signing_key"]
+        config_blob_signing_key = None
+        for config_file in ['application.yml', 'application.default.yml']:
+            with open(os.path.join(os.path.dirname(__file__),
+                                   run_test_server.ARV_API_SERVER_DIR,
+                                   "config",
+                                   config_file)) as f:
+                rails_config = yaml.load(f.read())
+                for config_section in ['test', 'common']:
+                    try:
+                        config_blob_signing_key = rails_config[config_section]["blob_signing_key"]
+                        break
+                    except KeyError, AttributeError:
+                        pass
+            if config_blob_signing_key != None:
+                break
         run_test_server.run()
         run_test_server.run_keep(blob_signing_key=config_blob_signing_key,
-                                 enforce_permissions=True)
+                                 enforce_permissions=(config_blob_signing_key != None))
 
     @classmethod
     def tearDownClass(cls):

diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index 5436f0227d8620ad9b08cf710d34807ddaff5c8f..c32900cfaf01e73f9ab7cd542547020233528360 100644 (file)
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -41,7 +41,7 @@ test:
   active_record.mass_assignment_sanitizer: :strict
   uuid_prefix: zzzzz
   secret_token: <%= rand(2**512).to_s(36) %>
-  blob_signing_key: <%= rand(2**512).to_s(36) %>
+  blob_signing_key: zfhgfenhffzltr9dixws36j1yhksjoll2grmku38mi7yxd66h5j4q9w4jzanezacp8s6q0ro3hxakfye02152hncy6zml2ed0uc
 
 common:
   uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %>